Once you have defined the resources and users/groups to which a permission applies, you can specify the actions that those users/groups can perform on the specified resources. The table below describes the actions you can specify for a permission.
|Allows the specified users/groups to view components on the resources specified in the rule. This applies to any activity related to components, such as component search, component details, impact of issues, etc. For example, if a repository called "maven-special" is not included in the scope of a permission, users/groups specified in that permission will not see any of the components hosted in that repository: those components won't turn up in search queries, won't be displayed in issue analysis, etc. Note that this permission is version-agnostic, which means that users/groups specified in the permission can see all versions of a component, even if some of those versions are in resources outside of the scope defined in the permission.|
|Allows the specified users/groups to perform actions on components in the specified resources. Currently, the only action available is to manually trigger a scan.|
|Allows the specified users/groups to see Watches and Issues related to the resources specified in the permission.|
|Allows the specified users/groups to add, edit and delete Watches, Ignore Violations related to the resources specified in the permission, and assign policies to Watches.|
|This action can only be applied to a Global Scope. It allows the specified users/groups to view global security and license reports.|
|This action can only be applied to a Global Scope. It allows the specified users/groups to view the Admin module and perform all actions available to an Xray administrator, such as managing connected Artifactory instances, doing a DB sync, etc.|
|Allows users to view/add/edit/remove policies in the system.|
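The version-agnostic behaviour of component viewing described in the table above can be modelled to audit what a scoped permission actually exposes. This is an added example, not Xray code or its API: the `view_components` action label, the `Permission` class and the inventory are constructed for illustration, and the rule that a component is visible when at least one of its versions is hosted in an in-scope repository is an assumption drawn from the description above.

```python
from dataclasses import dataclass

@dataclass
class Permission:
    name: str
    repos: set          # repositories in scope (unused when global_scope is True)
    principals: set     # users/groups named in the permission
    actions: set        # hypothetical action labels, e.g. {"view_components"}
    global_scope: bool = False

# Constructed inventory: (component, version, repository hosting that version)
INVENTORY = [
    ("org.acme:parser", "1.0", "maven-public"),
    ("org.acme:parser", "2.0-internal", "maven-special"),
    ("org.acme:secret-lib", "0.9", "maven-special"),
]

def _view_scope(principals, permissions):
    """Union of repositories over all view permissions matching the principals."""
    repos, is_global = set(), False
    for p in permissions:
        if "view_components" in p.actions and p.principals & set(principals):
            is_global = is_global or p.global_scope
            repos |= set(p.repos)
    return repos, is_global

def visible_components(principals, permissions, inventory):
    """Map each visible component to ALL of its versions (version-agnostic)."""
    repos, is_global = _view_scope(principals, permissions)
    # Assumption: one in-scope version is enough to make the component visible
    visible = {c for c, _, r in inventory if is_global or r in repos}
    out = {}
    for c, v, _ in inventory:
        if c in visible:
            out.setdefault(c, []).append(v)
    return {c: sorted(vs) for c, vs in out.items()}

def out_of_scope_versions(principals, permissions, inventory):
    """Versions the principals can see although they are hosted outside the scope."""
    repos, is_global = _view_scope(principals, permissions)
    if is_global:
        return []
    visible = visible_components(principals, permissions, inventory)
    return sorted((c, v, r) for c, v, r in inventory
                  if c in visible and r not in repos)
```

Running `out_of_scope_versions` for each group before saving a scoped permission shows which versions hosted in excluded repositories would still be listed to that group.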
For a clean installation of JFrog Xray version 1.9 and above, permission management is automatically enabled and you can create and edit permissions as described in the sections below.
When you upgrade Xray from a version below 1.9 to version 1.9 or above, Xray migrates your component database on startup to enable permission management. The migration starts automatically and may take a while depending on the size of your database; however, it runs in the background, so you can continue using the other features of Xray in the meantime. You can view the progress of the migration process in the Admin module under Security | Permissions.
Once the component database migration is complete, you must activate permission management for it to be functional. Note, however, that activating permission management is optional. You may continue using Xray, as before, without any permission management. In this case, all users accessing the system will have the same Admin privileges.
Once you activate permission management, you can create and edit permissions as described in the sections below.
You can access the list of Permissions defined in Xray from the Admin module under Security | Permissions.
Double-click a Permission Name to edit an existing Permission, or click "New Permission" to create a new one.
Creating or editing a permission is done in three steps.
After completing these steps, make sure to click "Save & Finish" to save your changes.
|A logical name for this permission.|
|If selected, this permission applies to all resources available. When selected, the rest of this form is disabled since there is nothing more to specify.|
|If selected, you need to specify the resources (Artifactory instances, repositories and/or builds) to which this permission applies.|
Gives you control over the resources to which this permission applies.
|Displays the resources available for this permission according to the filters you have applied.|
|Displays the resources you have selected for this permission.|
Once you have specified the resources for this permission, select the Groups tab to specify the groups on which to apply it.
The Groups tab will display groups defined in the Artifactory instance specified as your authentication provider.
Using the arrow, or by double-clicking, add the Groups for which you want to define actions and then specify the actions allowed.
Once you have specified Groups and their allowed actions for this permission, select the Users tab to specify additional users on which to apply it.
The Users tab will display users defined in the Artifactory instance specified as your authentication provider, as well as any other users defined internally in Xray.
Note that the list of users indicates where each user is defined. In the example below, we can see that the user called firstname.lastname@example.org is imported from the connected Artifactory instance defined as the Authentication Provider which is using SAML for authentication.
Using the arrow, or by double-clicking, add the users for which you want to define actions and then specify the actions allowed.